Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

OpenSSL Patches Nine Vulnerabilities

Last Revised

OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available:

  • OpenSSL 0.9.8 users should upgrade to 0.9.8zb
  • OpenSSL 1.0.0 users should upgrade to 1.0.0n
  • OpenSSL 1.0.1 users should upgrade to 1.0.1i

US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.